Eradicate 8

Friday, 15 November 2013

Aartemis Portal Site is a brower hijacker that hijackers your homepage, changes default search engine provider and tracks your web searches. It's operated by Koyoter Technology, the same company that created Qvo6, Qone8 and Do-Search browser hijackers. This browser hijacker appends the command line argument http://aartemis.com/?type=sc&ts=[time stamp]&from=tugs&uid=[hardware ID] to web browser shortcuts which cause aartemis.com web page to open when you launch your web browser. It usually gets onto your computer through software downloads, even from reputable and well known websites or potentially unwanted installers like Firseria or DomaIQ. If there's an option not to install it, please select it, but unfortunately there are plenty of reports of Aartemis being loaded without permission.

To remove Aartemis Portal Site from your computer you will have to uninstall associated applications through Control Panel. Then remove web browser extensions called Extended Protection, New Tab and Lightning NewTab. And finally, you will have to reset web browsers' preferences and settings and of course remove additional arguments from shortcuts. All the removal steps are well explained and illustrated below. Hopefully, this removal guide will help you remove the annoying and pesky browser hijackers. If you need help or maybe you you have something to add about it, please leave a comment below. Last but not least, scan your computer with anti-malware software. Aartemis Portal Site comes bundled with spyware, adware and malicious web browser extensions. Who knows what other potentialy dangerous or even malicious applications were installed with this browser hijacker. Better safe than sorry!

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall Aartemis Portal Site related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs. If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove:

Wsys Control

Extended Protection

eSave Security Control

Desk 365

As I said earlier, this application is never listed as Aartemis Portal Site in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.

Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Connect Toolbar is a toolbar by Conduit that changes your web browser homepage, modifies search engine and settings. Usually, it makes Conduit Search your default search engine and also adds Connect DLC 5 Customized Web Search engine when searching directly from the address bar. This toolbar utilizes Bing search engine, it won't redirect you to unknown and potentially dangerous sites which is really good because there are many toolbars and browser hijackers that do the opposite. However, you should know that it may collect and send information about your web browsing to Conduit so that they could provide more relevant ads or services to you.

It also performs automatic updates in the background, usually without your knowledge, using cltmng.exe and cltmngsvc.exe. It may even attempt to connect to your social networks and access your profile. This toolbar is clearly annoying and pesky. We can debate whether it's malware or not but what I know exactly is that you don't really need Connect Toolbar. It's not a virus but it may collect information about you that I'm sure you would like to keep private. Besides, multiple antivirus scanners have detected this toolbar as PUP.Optional.Conduit.A, Adware.Toolbar.175, a variant of Win32/Toolbar.Montiera.F, Conduit (fs) and even a generic Trojan.

Where did it come from, you may ask? Connect DLC 5 Toolbar by Conduit is bundled with software downloaders. You may get it while downloading software from Cnet and other reputable download websites. Sometimes, you cannot decline the offer because there's no way to do that and in some cases even if users decline it, this toolbar is still installed.

Unfortunetely, there's no straightforward way to remove Connect Toolbar. It provides uninstaller for Internet Explorer but it doesn't restore web browser's settings. As for Firefox and Chrome, you have to remove it manually as well as restore modified settings. If you don't know how to do this, please follow the removal guide below.

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.

2. Remove Connect DLC 5 Toolbar from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs. If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following Connect DLC 5 Toolbar for IE.

If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Wednesday, 13 November 2013

BuzzSearch is an ad-supported application (adware) that uses web browser add-ons to inject advertisements in a webpage visited by the user. It may inject ads into Google, Facebook, eBay, Amazon and other popular sites based on keywords and other factors. The ads are always prompting something different, but below the banners there is text that reads, "BuzzSearch ads" or "Powered by BuzzSearch." The first block of ads is usually injected somewhere at the top of the page, for example, before Google search results:

The second block is usually inserted in the middle of a page or below the fold, just like this one:

When browsing online stores, it may display the "BuzzSearch Deals" pop-up offering discounts and coupons. I'm not sure whether they are valid or but, I haven't checked them but I presume that at least some of them could be successfully used.

BuzzSearch add-ons and extensions can access your data on most websites, access tabs and browsing activity and even manage other extenions. In other words, it's not your regular web browser extension. It may collect information and send it to adware authors. My guess would be that they use all that information to deliver more targeted ads based on your browsing pattern and keywords. Let's say you were searching for bikes, then there's a good chance that after some time BuzzSearch will be display more ads related to bikes and bike parts. Since it can manage other extensions, it can also install third-party apps on your computer as well. What is more, this adware can update its modules using updatebuzzsearch.exe that is always running in the background and hogging resources from your system.

Once installed, this adware may also display pop-up ads on your computer. Without a doubt, you should remove BuzzSearch adware from your computer and run a full system scan with anti-malware software. If you didn't install it intentionally then it probably came with other potentially dangerous applications which means you should double check your computer for malware.

BuzzSearch is usually detected as adware and potentially unwanted application, for example PUP.Optional.BuzzSearch.A, Adware.Searcher.2574. It may, however, be detected as Trojan.Agent/Gen-BHO and MalSign.Skodna.BuzzSearch. Other adware from the same family: BatBrowse, BrowseFox.

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this infection. Hopefully you won't have to do that.

2. Remove BuzzSearch adware from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs. If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove the following BuzzSearch.

If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.

Remove BuzzSearch ads from Google Chrome:

1. Click on Chrome menu button. Go to Tools → Extensions.

2. Click on the trashcan icon to remove the BuzzSearch 1.0.0 extension:

The do-search.com adware is a browser hijacker that changes your web browser's homepage and default search engine to "Do Search." Technically, it's no different than qvo6.com or dosearches.com browser hijackers. It changes the way you search from the omnibox (Chrome) and URL address bar (Firefox, IE). Adware that installs this browser hijacker appends the command line argument http://do-search.com/?type=hp&ts=[time stamp]&from=tugs&uid=[hardware ID] to web browser shortcuts which cause do-search.com web page to open when you launch your web browser. It also installs a web browser add-on called Extended Protection. This browser add-on will reset any changes you will make after each browser restart. Needles to say, creators of this browser hijacker did all they could to make it difficult to completely remove it. As a results, users complain that it keeps coming back.

At the moment, Do Search browser hijacker redirects users to Yahoo search. Of course, it's probably has nothing to do with Yahoo, scammers may easily redirect users to any other search engine. The main goal of browser hijacker is pretty obvious - to display ads on the homepage. From what I've seen so far, a certain number of ads are used to pushe misleading products or services. To avoid installation of do-search.com, pay very close attention when installing applications from sofware download sites. To remove this browser hijacker and clean the affected shortcuts, please use the removal guide below. If you have questions or need help, please leave a comment below. Good luck and be safe online!

1. First of all, download recommended anti-malware software and run a full system scan. It will detect and remove this infection from your computer. You may then follow the manual removal instructions below to remove the leftover traces of this browser hijacker. Hopefully you won't have to do that.

2. Uninstall do-search.com related programs from your computer using the Add/Remove Programs control panel (Windows XP) or Uninstall a program control panel (Windows 7 and Windows 8).

Go to the Start Menu. Select Control Panel → Add/Remove Programs. If you are using Windows Vista or Windows 7, select Control Panel → Uninstall a Program.

If you are using Windows 8, simply drag your mouse pointer to the right edge of the screen, select Search from the list and search for "control panel".

Or you can right-click on a bottom left hot corner (formerly known as the Start button) and select Control panel from there.

3. When the Add/Remove Programs or the Uninstall a Program screen is displayed, scroll through the list of currently installed programs and remove:

eSave Security Control

Wsys Control

Desk 365

Extended Protection

As I said earlier, this application is never listed as 'DO SEARCH' in the currently installed programs list. So, either look for applications mentioned here or try to remember what software you installed recently. It's probably the culprit.

Simply select the application and click Remove. If you are using Windows Vista, Windows 7 or Windows 8, click Uninstall up near the top of that window. When you're done, please close the Control Panel screen.